Marie is auditing identity systems to control access. What type of policies is she defining?

Marie is defining user-based policies, which focus on controlling access to resources based on individual user identities. User-based policies are designed to grant or restrict access to specific users, allowing for fine-tuned control over who can access what within an organization. By auditing identity systems, she ensures that the access rights assigned to users align with their roles and responsibilities, thereby enhancing security and compliance.

User-based policies can include various parameters such as permissions, roles, and user attributes that dictate what resources users can access and what actions they are permitted to perform. This approach is critical in identity management as it directly addresses the need for secure and tailored access management for each user, based on their unique identity traits within the organization.

Other policy types, while relevant in access control, take a broader or different perspective. Resource-based policies focus on the resources themselves rather than the users, federated access policies pertain to allowing authenticated users from one system to access resources in another system across federated identities, and role-based policies group access control based on roles rather than individual user identities.